ALSA-2024:4499

[ALSA-2024:4499] Moderate: ruby security update

Type:

security

Severity:

moderate

Release date:

2024-07-17

Description:

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.

Security Fix(es):

* rubygem-uri: ReDoS vulnerability - upstream's incomplete fix for CVE-2023-28755 (CVE-2023-36617)
* ruby: Buffer overread vulnerability in StringIO (CVE-2024-27280)
* ruby: RCE vulnerability with .rdoc_options in RDoc (CVE-2024-27281)
* ruby: Arbitrary memory address read vulnerability with Regex search (CVE-2024-27282)
* REXML: DoS parsing an XML with many `<`s in an attribute value (CVE-2024-35176)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	ruby-2.5.9-112.module_el8.10.0+3871+342e2c2f.aarch64.rpm	1b96c1f6b3a8a705560d0de3bd93eaf7057142a4b632fb35cb9d6404bc5eb620
aarch64	rubygem-json-2.1.0-112.module_el8.10.0+3871+342e2c2f.aarch64.rpm	4a33b16dafcf02b77614f885bb4eac4848e4c4a1c011f94347416c018c8311d9
aarch64	ruby-devel-2.5.9-112.module_el8.10.0+3871+342e2c2f.aarch64.rpm	53a475cf6bb70293dfa332adba6e289fc25c3e86c416c7109b21cb702161be23
aarch64	Packages/rubygem-bson-4.3.0-2.module_el8.5.0+2625+ec418553.aarch64.rpm	5974fa8497b83d1a4df2acf3d75301aa07fad828a823aec6a400436f617dc58f
aarch64	rubygem-psych-3.0.2-112.module_el8.10.0+3871+342e2c2f.aarch64.rpm	6900346ef7a8129f70258bd58f353605b3d51c4defeeb0a3e248497e9eddc542
aarch64	ruby-libs-2.5.9-112.module_el8.10.0+3871+342e2c2f.aarch64.rpm	6ba6b1e7e4ab3ccd366c8ebad4b466d1570bba01637c29660928ce3db1f9e62f
aarch64	rubygem-openssl-2.1.2-112.module_el8.10.0+3871+342e2c2f.aarch64.rpm	6f405ad6f9990d3a8047bb4659212f3f402bce084b67430c8d2fc14c17a614de
aarch64	rubygem-pg-1.0.0-3.module_el8.9.0+3635+c6f99506.aarch64.rpm	b444bcde35de2998bb5f8c4db140a04c11f16f94d2252d37869a1f093dc5dd57
aarch64	rubygem-bigdecimal-1.3.4-112.module_el8.10.0+3871+342e2c2f.aarch64.rpm	d967bac7a109ba2f43a8deca568cc1b4267ad381aa1e76b318fd129df925ae9e
aarch64	Packages/rubygem-mysql2-0.4.10-4.module_el8.5.0+2625+ec418553.aarch64.rpm	df9c22479a5fbb8f2897203f63a3e4427a4fe59460d7e9ed5fe686519e1e51c8
aarch64	rubygem-io-console-0.4.6-112.module_el8.10.0+3871+342e2c2f.aarch64.rpm	e41e08d54d34a918dc35716206fc8b5e91a9655298e585ace924d765ba49b210
i686	rubygem-bigdecimal-1.3.4-112.module_el8.10.0+3871+342e2c2f.i686.rpm	04c710c5f7297ec24ff58f19d6a7c8462dbce2378804a0767d69ad85bf1fde5c
i686	ruby-libs-2.5.9-112.module_el8.10.0+3871+342e2c2f.i686.rpm	392f9ae6cffd64ead831c03d26471a43eca07911ded095de04caa5af016ef03e
i686	rubygem-json-2.1.0-112.module_el8.10.0+3871+342e2c2f.i686.rpm	83dc8be713d1637bd5d6e44fa8623dcd5ac6ef6fd66f20219daef2929a39edde
i686	rubygem-io-console-0.4.6-112.module_el8.10.0+3871+342e2c2f.i686.rpm	a8de9cdaa769a4d2c6f760eef4bd18ebf5349a93feabc2c00fb6a4aa6ae26854
i686	ruby-2.5.9-112.module_el8.10.0+3871+342e2c2f.i686.rpm	d72550655650fe862d956ab420174d7fc16476f9cb746653e0ac8c6748d9e861
i686	ruby-devel-2.5.9-112.module_el8.10.0+3871+342e2c2f.i686.rpm	da4573f18ca39166ddb5fe9293bf5be1a8cb816f9d3484695a55967e8bf4ca0c
i686	rubygem-openssl-2.1.2-112.module_el8.10.0+3871+342e2c2f.i686.rpm	dbfb56c9468d9089204dfd643209dfe4f3e813a16c456a8d29e66456aa61fa1f
i686	rubygem-psych-3.0.2-112.module_el8.10.0+3871+342e2c2f.i686.rpm	e0913890470ac7491e24fc6606e803389afc8b0eae9c92a8883b963912b8ad92
noarch	rubygem-net-telnet-0.1.1-112.module_el8.10.0+3871+342e2c2f.noarch.rpm	0c303c5ba458f6d9bb80bb50455cd118e01e0360e7ee8aaaf2299cfd3219bf45
noarch	rubygem-did_you_mean-1.2.0-112.module_el8.10.0+3871+342e2c2f.noarch.rpm	158e45006c9edaef3fd4b286b163e04a145e967d4594996ee30012af36f02758
noarch	rubygem-bundler-1.16.1-4.module_el8.10.0+3871+342e2c2f.noarch.rpm	186feaa413e45c36467068a22b04de47541aafc70923a531fe583d9d131263d4
noarch	rubygem-power_assert-1.1.1-112.module_el8.10.0+3871+342e2c2f.noarch.rpm	208bfce065c6540c12d437348a7f7e4fa934dfb14ef3049711fd790dd086d5f2
noarch	rubygem-abrt-doc-0.3.0-4.module_el8.10.0+3871+342e2c2f.noarch.rpm	23f4e5352303fbe382eb4c6194887ff9e2dad8797516dd85ae0efd8eff375c61
noarch	rubygem-test-unit-3.2.7-112.module_el8.10.0+3871+342e2c2f.noarch.rpm	277eb6e8b97f2b2635a17668ccf6874b6ca1255f12965378994b7e19bb16bb42
noarch	rubygem-bundler-doc-1.16.1-4.module_el8.10.0+3871+342e2c2f.noarch.rpm	6cf4f6e6d918e4dddcd51d124e0d055f3993d6ca4fbf1a8b9ba60534fe01a816
noarch	Packages/rubygem-bson-doc-4.3.0-2.module_el8.5.0+2625+ec418553.noarch.rpm	820dee686065f0a35fb15e687d8595cfc665da43dc8ca2196c9e11fd568f8fb6
noarch	rubygems-devel-2.7.6.3-112.module_el8.10.0+3871+342e2c2f.noarch.rpm	8bcb7b587cc4e70a12209da45254f5970e70e2058658e5d7a230ed813196cbd0
noarch	rubygem-pg-doc-1.0.0-3.module_el8.9.0+3635+c6f99506.noarch.rpm	8d04b2fdb59f2b51995d4fc57a412831e5d4d1c9d80fea1bcd0a7f5beaa55ab7
noarch	rubygem-rdoc-6.0.1.1-112.module_el8.10.0+3871+342e2c2f.noarch.rpm	9995050c1748ab17cfe9b5104bd1fa6775a93ee3d90a7f923035eca0b37d84bd
noarch	Packages/rubygem-mysql2-doc-0.4.10-4.module_el8.5.0+2625+ec418553.noarch.rpm	a5c437b38dfc84a5e1abd920fbb284c8c83eee2636c46db7be65dabe7580a319
noarch	rubygems-2.7.6.3-112.module_el8.10.0+3871+342e2c2f.noarch.rpm	b48e53d39ee58f8fa5b333f57af369a78b8a2cb7de0e3e6749a08ae6fa151d60
noarch	Packages/rubygem-mongo-doc-2.5.1-2.module_el8.5.0+2625+ec418553.noarch.rpm	c506b397bd566dcb4d539202156f734660a33a62d3a515a6a1cd6b116e8f1608
noarch	rubygem-minitest-5.10.3-112.module_el8.10.0+3871+342e2c2f.noarch.rpm	cb46b02e4f00096b3cb657ed9e9fc5bcd8d98910c12916da1d4d0aafd89bb626
noarch	rubygem-abrt-0.3.0-4.module_el8.10.0+3871+342e2c2f.noarch.rpm	ccc530c3d8881ab2b41234ee0babcf20043b53051f92259b91d3f66a0d5d8a41
noarch	ruby-irb-2.5.9-112.module_el8.10.0+3871+342e2c2f.noarch.rpm	eb9c23b5cb8ab1ba6d8cffada269a33591daef474425e05c321a3f274e49483d
noarch	rubygem-xmlrpc-0.3.0-112.module_el8.10.0+3871+342e2c2f.noarch.rpm	efc328554feea1306bfb3ed6f2a239ce9abb2468eaa7bb24dacaf5c78648678a
noarch	rubygem-rake-12.3.3-112.module_el8.10.0+3871+342e2c2f.noarch.rpm	f32411bdaff630ffa4096ae258e3afc3e2f426132dbab7fd215c82b54b8c1344
noarch	ruby-doc-2.5.9-112.module_el8.10.0+3871+342e2c2f.noarch.rpm	f468e432f9d5310e3ea9b58375f60a293573d2aa47162d137ee214a54a208479
noarch	Packages/rubygem-mongo-2.5.1-2.module_el8.5.0+2625+ec418553.noarch.rpm	fd8a90dea5a7c07c95bf2e7ac7337dba4ebe6a1ce35899e2b8c46c6d51b0bbc3
ppc64le	rubygem-pg-1.0.0-3.module_el8.9.0+3635+c6f99506.ppc64le.rpm	06e82db6ec9a6ca9bca4ebf7a23a9c663e72ddf511353b31aa5cb72b797b9620
ppc64le	ruby-2.5.9-112.module_el8.10.0+3871+342e2c2f.ppc64le.rpm	0d941c380f9d3fc79c0653ebcc345bdf3931b2e25ed2adaffc649c501a301d17
ppc64le	ruby-devel-2.5.9-112.module_el8.10.0+3871+342e2c2f.ppc64le.rpm	1882d701abaaa9cdffc11823cd110c8f4cb2a429569d62eb3aac23b343cd0288
ppc64le	rubygem-json-2.1.0-112.module_el8.10.0+3871+342e2c2f.ppc64le.rpm	20cdfca0f23a6b165bb34fc10e9584116d8a42f8a81bd0e3175ad0d2d2b10bbe
ppc64le	rubygem-io-console-0.4.6-112.module_el8.10.0+3871+342e2c2f.ppc64le.rpm	3f517cc834320b69a18c9fee7979edbc00a190806c16cc3fb964f0e75b44fe78
ppc64le	rubygem-bigdecimal-1.3.4-112.module_el8.10.0+3871+342e2c2f.ppc64le.rpm	6dd5366a2e9dc83512c71553a36bbd8f81b6da25ea705cdd01bb9e10f649568a
ppc64le	rubygem-openssl-2.1.2-112.module_el8.10.0+3871+342e2c2f.ppc64le.rpm	9f9bb3b529d442cb4dba732a7d3db4522fe58be84d57ea000d25da2a80a7268a
ppc64le	rubygem-psych-3.0.2-112.module_el8.10.0+3871+342e2c2f.ppc64le.rpm	a19472e4f8559d710a7d9fff17a1ff41eff08c90b055372251dafd88bf2a9ae8
ppc64le	rubygem-bson-4.3.0-2.module_el8.5.0+259+8cec6917.ppc64le.rpm	a5e4457e2736c2e55169c63d83c1c69429c57c426851036811976c1ccafb28af
ppc64le	rubygem-mysql2-0.4.10-4.module_el8.5.0+259+8cec6917.ppc64le.rpm	aa75a18f3d930eff9a18793d83ef37e5a4ee20d38020be57b8ce69c175f1eac8
ppc64le	ruby-libs-2.5.9-112.module_el8.10.0+3871+342e2c2f.ppc64le.rpm	b6e2a32e7ff2944738c579b3131320d2022fc5008f5508169e1039f3ce7cc15c
s390x	rubygem-bigdecimal-1.3.4-112.module_el8.10.0+3871+342e2c2f.s390x.rpm	06289c2ada001cdcf9faca3a53563a5a70c682abd78b2683ec02e51cb7787ac5
s390x	ruby-devel-2.5.9-112.module_el8.10.0+3871+342e2c2f.s390x.rpm	2793a8420735e4e832600c28f740871aef115b664a68413ef825738047d6548e
s390x	ruby-libs-2.5.9-112.module_el8.10.0+3871+342e2c2f.s390x.rpm	564f04a781d45baea7fb29fbb254dc42bd67c9a388589627c5e3a0ca91e18c41
s390x	ruby-2.5.9-112.module_el8.10.0+3871+342e2c2f.s390x.rpm	6c8e10a7bf5a16a5a42da88393db496295c6988fb85a127eacf6814fc3e343ed
s390x	rubygem-json-2.1.0-112.module_el8.10.0+3871+342e2c2f.s390x.rpm	8357972b615147adaab1e77a863f2d08fcba60f293a66af3e95ff0b0aff9a9bc
s390x	rubygem-bson-4.3.0-2.module_el8.6.0+3170+4b08f9d4.s390x.rpm	871397eff83a497bf29db2e02e81837d1648c1813afa6030e2bab44d3f0db282
s390x	rubygem-io-console-0.4.6-112.module_el8.10.0+3871+342e2c2f.s390x.rpm	aa52150393cda14980a7f6ea70e0c42ffa7cba3d43920d0de76f064ae75f5759
s390x	rubygem-pg-1.0.0-3.module_el8.9.0+3635+c6f99506.s390x.rpm	d52a51f8cfdbeb3099ce92946748481f426b77c9da23f77737fe3d4fcd1b245c
s390x	rubygem-openssl-2.1.2-112.module_el8.10.0+3871+342e2c2f.s390x.rpm	d5ebe4e4c1453a78990df9a1eb21d72963f280b596507fd06b81e7a937fb879d
s390x	rubygem-mysql2-0.4.10-4.module_el8.6.0+3170+4b08f9d4.s390x.rpm	e8ee63b6046ba22292c8ac7eb85440ace9fe11b17fef5bf5f590b754f4c7aadb
s390x	rubygem-psych-3.0.2-112.module_el8.10.0+3871+342e2c2f.s390x.rpm	fb8b003da8ca741343c8e49701f697110d6eb405a1c203bafd1be794b1689a65
x86_64	ruby-libs-2.5.9-112.module_el8.10.0+3871+342e2c2f.x86_64.rpm	0903a905b89a511465612f2f95215e78c5e8ec588d0f724b50adc975bffc1062
x86_64	ruby-2.5.9-112.module_el8.10.0+3871+342e2c2f.x86_64.rpm	152ced083230b999979f70cb1f3bfff49f9e9a6afa53b1b46345bec2885e0073
x86_64	rubygem-bigdecimal-1.3.4-112.module_el8.10.0+3871+342e2c2f.x86_64.rpm	26835745be2413b43da9998bdf94f54cf7640bc0fe4c43d8e372127309c9b5ca
x86_64	rubygem-psych-3.0.2-112.module_el8.10.0+3871+342e2c2f.x86_64.rpm	2a9f951d8e4f907f5ef779339b1e483e371c97928a15625777090920f9cf60f5
x86_64	rubygem-openssl-2.1.2-112.module_el8.10.0+3871+342e2c2f.x86_64.rpm	3063cf7643dd5b2b3d594e6a6f7e2c73eadfbf96ac2b26b768a8ba2feb6af292
x86_64	Packages/rubygem-bson-4.3.0-2.module_el8.5.0+2625+ec418553.x86_64.rpm	701b12df65f3a6b04c5a716c2d13fa048539842fff558d5ca2a5517735c0ad17
x86_64	rubygem-io-console-0.4.6-112.module_el8.10.0+3871+342e2c2f.x86_64.rpm	84ca0cd0b37643f0b4cbbf1ce29d35567b01248868a1482a5b3babf3f9ec5ca7
x86_64	ruby-devel-2.5.9-112.module_el8.10.0+3871+342e2c2f.x86_64.rpm	931982b82c43ca9ededf3afb389eca8561b673d0fd64ec7884cca12fb6e255c4
x86_64	rubygem-json-2.1.0-112.module_el8.10.0+3871+342e2c2f.x86_64.rpm	af04ee16c020b247856846af33b4d6e9254a1aa688a06e00ecd06bf3cb01cc80
x86_64	Packages/rubygem-mysql2-0.4.10-4.module_el8.5.0+2625+ec418553.x86_64.rpm	b2ebe847eeadbc351ac9bd080addfc65a5c7d8181cd5b6178b37febc62237648
x86_64	rubygem-pg-1.0.0-3.module_el8.9.0+3635+c6f99506.x86_64.rpm	cffd2e1de04ca4f1dd8b5d1c891d63d2fbc06355bd26ad5daa9e9cc8dd33fdd2

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.